From b8c7c2c9aa604fd1fb7be5559c9ad025ceb17aa4 Mon Sep 17 00:00:00 2001 From: Markus Heiser Date: Sun, 28 May 2023 18:58:31 +0200 Subject: [mod] botdetection - improve ip_limit and link_token methods - counting requests in LONG_WINDOW and BURST_WINDOW is not needed when the request is validated by the link_token method [1] - renew a ping-key on validation [2], this is needed for infinite scrolling, where no new token (CSS) is loaded. / this does not fix the BURST_MAX issue in the vanilla limiter - normalize the counter names of the ip_limit method to 'ip_limit.*' - just integrate the ip_limit method straight forward in the limiter plugin / non intermediate code --> ip_limit now returns None or a werkzeug.Response object that can be passed by the plugin to the flask application / non intermediate code that returns a tuple [1] https://github.com/searxng/searxng/pull/2357#issuecomment-1566113277 [2] https://github.com/searxng/searxng/pull/2357#discussion_r1208542206 [3] https://github.com/searxng/searxng/pull/2357#issuecomment-1566125979 Signed-off-by: Markus Heiser --- searx/plugins/limiter.py | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'searx/plugins') diff --git a/searx/plugins/limiter.py b/searx/plugins/limiter.py index 92b0aa2a0..7edbb1ce0 100644 --- a/searx/plugins/limiter.py +++ b/searx/plugins/limiter.py @@ -20,16 +20,10 @@ logger = logger.getChild('limiter') def pre_request(): """See :ref:`flask.Flask.before_request`""" - - val = limiter.filter_request(flask.request) - if val is not None: - http_status, msg = val - client_ip = flask.request.headers.get('X-Forwarded-For', '') - logger.error("BLOCK (IP %s): %s" % (client_ip, msg)) - return 'Too Many Requests', http_status - - logger.debug("OK: %s" % dump_request(flask.request)) - return None + ret_val = limiter.filter_request(flask.request) + if ret_val is None: + logger.debug("OK: %s" % dump_request(flask.request)) + return ret_val def init(app: flask.Flask, settings) -> bool: -- cgit v1.2.3